CVE-2025-21797

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: corsair-void: Add missing delayed work cancel for headset status

The cancel_delayed_work_sync() call was missed, causing a use-after-free in corsair_void_remove().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6ea2a6fd3872e60a4d500b548ad65ed94e459ddd < 2dcb56a0a4da6946f6c18288da595c13e0d2af86affected
LinuxLinux6ea2a6fd3872e60a4d500b548ad65ed94e459ddd < 48e487b002891eb0aeaec704c9bed51f028deff1affected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.13.4 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References